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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-6, 9-13, 15-16 rejected under 35 U.S.C. 102(e) as being anticipated by Porras et 
al(6,321,338). 

3. As per claim 1, Porras et al. discloses a central controller system(i.e. resolver, ref #20, 
fig. 2, sheet 2) to coordinate thwarting denial of service attacks(see col. 7, lines 43-54, col. 13, 
lines 31-59) on a victim data center(i.e. domain)(see col. 3, lines 17-21, 32-35, col. 8, lines 31- 
45, that is coupled to a network(see col. 8, lines 66-67), a communication device to receive data 
from a plurality of monitors, over a hardened, redundant network(see col. 8, lines 13-21); a 
computer system, the computer system includes, a process that executes on the computer system 
to analyze the data from the plurality of monitors to determine network traffic statistics that can 
identify malicious network traffic(see col. 13, lines 16-30). 

4. As per claim 2, Porras et al. discloses an analysis and filtering process to identify 
malicious traffic and to eliminate the malicious traffic from entering the victim data center(see 
col. 5, Hues 4-22, col. 13, lines 60-65, col 14, lines 1-7). 

5. As per claim 3, Porras et al. discloses wherein the data analyzed by the control center is 
collected statistical information about network flows(see col. 2, lines 36-53). 
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6. As per claim 4, Porras discloses aggregates traffic information and coordinates measures 
to locate and block the sources of an attack(see col. 1, lines 55-65, col. 5, lines 4-22). 

7. As per claim 5, Porras discloses wherein the control center is a hardened site(see col. 2, 
lines 8-10). 

8. As per claim 6, Porras discloses wherein the analysis process executed on the control 
center analyzes data from gateways and data collectors dispersed throughout the network(see col. 

8. lines 13-30). 

9. As per claim 9, it is rejected under the same basis as claim 1. 

10. As per claim 10, limitations have already been addressed(see claim 2). 

11. As per claim 1 1 , limitations have already been addressed(see claim 4). 

12. As per claim 12, Porras discloses receiving and analyzing are performed by a control 
center coupled to the data collectors via the hardened, redundant network(see col. 8, lines 13-21). 

13. As per claim 13, Porras discloses wherein plurality of monitoring devices(see col. 8, lines 
13-21); are data collectors dispersed throughout the network and at least one gateway device that 
is disposed adjacent the victim site to protect the victim)(see col. 3, lines 17-21, 32-35, col. 8, 
lines 31-45), and wherein analyzing includes analyzing at a control center data from the at least 
one gateway and the data collectors dispersed throughout the network(see col. 8, lines 13-30). 

14. As per claim 15, it is rejected under the same basis as claim 8. 

15. As per claim 16, Porras discloses sending requests to gateways and/or data collectors for 
data pertaining to an attack(see col. 8, lines 40-46). 
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16. As per claim 17, Porras discloses sending requests to gateways and/or data collectors for 
requests to install filters to filter out attacking traffic(see col. 5, lines 4-22, col. 13, lines 60-65, 
col. 14, lines 1-7). 

17. As per claim 1 8, it is rejected under the same basis as claim 1 . 

1 8. As per claim 19, it is rejected under the same basis as claim 12. 

Claim Rejections - 35 USC § 103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

20. Claims 7-8, 14, are rejected under 35 U.S.C. 103(a) as being unpatentable over Porras in 
view of Hill et al. 

21 . Porras does not disclose classifying attack. However, Hill et al. does disclose classifying 
attacks(see col. 5, lines 66-67, col. 6, lines 1-18). It would have been obvious to one of ordinary 
skill in the art at the time of the invention to include Hill et al. classifying attacks within Porras, 
because classifying attacks displays attack information in a usable and quickly interpretable form 
to a network manager while minimizing the loading on the computer(see col. 2, lines 45-50 of 
Hill et al.). Therefore, by classifying attacks provides a network manager with knowledge of the 
severity and overall nature of the attack(see col. 2, lines 53-60 of Hill et al.). 

22. As per claims 7, 14, Porras discloses wherein the analysis process classifies attacks and 
determines a response based on the class of attack(see col. 2, lines 63-67, col. 3, lines 1-17). 
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23. As per claim 8, Hill et al. discloses wherein the classes of attack are denoted as low-grade 
with spoofing, low-grade without spoofing and high-grade whether spoofing or non-spoofing(see 
fig. 3, sheet 3, fig. 7, sheet 6). 



Any inquiry concerning this communication or earlier communications fi-om the 
examiner should be directed to Jenise E Jackson whose telephone number is (703) 306-0426. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for the 
organization where this appUcation or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained fi-om the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toU-fi^ee). 
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